1. Technical Field
The present invention relates generally to an improved data processing system, and in particular to a method and apparatus for synchronizing time. Still more particularly, the present invention relates to a method and apparatus for synchronizing time for an authentication system in a network data processing system.
2. Description of Related Art
In a multi-user computer system, identification and authentication mechanisms are essential for identifying and authenticating each individual who requests any usage of system resources. One solution is known as “Kerberos”. Originally developed at the Massachusetts Institute of Technology, Kerberos is a distributed authentication services that allows a client process running on behalf of a principal (e.g., a user) to prove its identity to a remote server without transmitting passwords over a potentially insecure network.
Kerberos requires principals to have secret keys registered with key distribution center (KDC) on the Kerberos server. A principal obtains a “ticket” from KDC to access the service on a remote server. To prevent attackers from intercepting and reusing the ticket, an authenticator, which includes a time stamp and other principal information, is presented along with the ticket in the request message to remote server.
The reason for time stamping the authenticator is to prevent a “replay attack”. In a replay attack, a hacker eavesdrops on an authentication packet. The hacker can try to replay this packet to pretend that the hacker has the ticket and authority to access this service. To prevent this kind of attack, Kerberos allows the server to accept the authenticator only if the time stamp in the authenticator is within a limited time difference from the server's own clock, such as 5 minutes earlier or later than server's clock. This range provides a 10 minute time window. Therefore, in order to allow principals successfully being authenticated as well as to prevent replay attack, it is necessary to maintain a time synchronization (a margin of a few minutes is allowable) among principals and the Kerberos server.
Kerberos does not provide a time synchronization mechanism. Synchronization is assumed to be achieved outside the Kerberos system. The current approach is that the clocks of workstations and servers that participate Kerberos authentication are adjusted with the clock on Kerberos server manually or automatically using special time servers through another protocol such a simple network time protocol (SNTP). This approach has a couple of drawbacks. As Kerberos technology is being pushed to the Internet arena, it is more difficult to achieve clock synchronization among machines on different networks or in different geographical locations. Also, Kerberos supports cross-realm authentication. Cross-realm authentication allows a user to access services in other realms. This brings the necessity to be able to dynamically synchronize a principal's time with different servers' times. The current approach does not address this requirement.
Furthermore, a security hole may be introduced into the Kerberos system because this current approach relies on the clock settings of workstations. One example of a possible scenario is if a hacker changes clock settings on the hacker's workstation to move the time a few hours ahead, then the hacker waits for somebody to try authenticating from this machine and intercepts the authentication package sent. A few hours later, the hacker replays the intercepted package. Since the server will think that time stamp is within allowed boundaries of a few minutes, it accepts the service request, and the hacker successfully gains access to the service.
Therefore, it would be advantageous to have an improved method and apparatus for an improved time synchronization mechanism.